State-sponsored threat actors from the Democratic People’s Republic of Korea (DPRK) have been discovered using Discord to target blockchain engineers of an unidentified cryptocurrency exchange company with a unique macOS malware known as KANDYKORN. According to Elastic Security Labs, which cited an examination of the network architecture and methods employed, the activity dates back to April 2023 and shows similarities with the notorious adversarial collective Lazarus Group.
“In order to obtain first access to the environment, threat actors enticed blockchain engineers with a Python application,” security experts Ricardo Ungureanu, Seth Goodwin, and Andrew Pease stated in a paper released today. “This intrusion involved multiple complex stages that each employed deliberate defense evasion techniques.”